Cent OS 8 만져 보았다.
그러므로 기사로 하려면 "너무"레벨이 너무 낮습니다만, 아직 일본어의 기사가 거의 없기 때문에 우선 남겨 둡니다.
VMware에서 minimal Install로 진행합니다.
Download
집필 시점(2019/09/24)에서는 Cent OS의 공식 페이지에서 8.0을 확인할 수 없기 때문에
IIJ 링크를 붙여 둡니다.
htp //ftp. 좋은 j. 아 d. jp/pu b/ぃぬ x/전과 s/8.0.1905/이자 s/x86_64/
이 중 CentOS-8-x86_64-1905-dvd1.iso를 다운로드하면 좋다고 생각합니다.
※2019/09/25 16:55 추가
이미 Cent OS의 공식 페이지에서 CentOS 8.0이 배포되었습니다.
htps //w w. 전혀 s. rg/
Install
USB 메모리에 구워져, VMware등으로 기동되게 되어 자유롭게 부디.
설치 화면의 GUI는 7시에 비해 큰 차이가 없었습니다.
방향(?)이 바뀐 정도입니다. (어휘력)
시작
[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 8.0.1905 (Core)
[root@localhost ~]# uname -a
Linux localhost.localdomain 4.18.0-80.el8.x86_64 #1 SMP Tue Jun 4 09:19:46 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
제대로 Cent OS 8.0입니다.
Firewall
포트 개방을 해 보았습니다. 특히 Cent OS 7과 다르지 않습니다.
[root@localhost ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2019-09-25 13:48:46 JST; 1h 2min ago
Docs: man:firewalld(1)
Main PID: 761 (firewalld)
Tasks: 2 (limit: 24025)
Memory: 35.1M
CGroup: /system.slice/firewalld.service
└─761 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid
Sep 25 13:48:45 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
Sep 25 13:48:46 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl start firewalld
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# firewall-cmd --add-service=https --zone=public --permanent
success
[root@localhost ~]# firewall-cmd --add-port=8080/tcp --zone=public --permanent
success
[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens192
sources:
services: cockpit dhcpv6-client https ssh
ports: 8080/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@localhost ~]#
SELinux
언제나 무효로 해 버리므로 무효화만 실시했습니다. 이것도 변화 없음.
[root@localhost ~]# getenforce
Enforcing
[root@localhost ~]# setenforce 0
[root@localhost ~]# getenforce
Permissive
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# setenforce 1
[root@localhost ~]# getenforce
Enforcing
[root@localhost ~]# sed -i 's/SELINUX=enforcing/#SELINUX=enforcing/g' /etc/selinux/config
[root@localhost ~]# sed -i 'N;/#SELINUX=enforcing/i\SELINUX=disabled' /etc/selinux/config
[root@localhost ~]#
[root@localhost ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: disabled
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 31
[root@localhost ~]#
Network Manager
유효성 검사 중이지만 Network Manager를 단순히 비활성화하면 재부팅 후 SSH 연결을 사용할 수 없습니다.
우선/etc/sysconfig/network-scripts/ifcfg-ens192에 IP 주소 등을 설정하고,
그런 다음 Network Manager를 중지하고 자동 시작을 비활성화합니다. 그런 다음 다시 시작합니다.
①ifcfg-ens192 편집
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens192
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens192
UUID=f1e71063-064d-41cc-985e-6b8435f7a754
DEVICE=ens192
ONBOOT=yes
IPADDR=192.168.1.140
PREFIX=24
GATEWAY=192.168.1.1
DNS1=8.8.8.8
[root@localhost ~]#
② NetworkManager의 정지 및 무효화, 재기동
[root@localhost ~]# systemctl stop NetworkManager
[root@localhost ~]# systemctl disable NetworkManager
Removed /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed /etc/systemd/system/dbus-org.freedesktop.NetworkManager.service.
Removed /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
Removed /etc/systemd/system/network-online.target.wants/NetworkManager-wait-online.service.
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:13:29:f1 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.140/24 brd 192.168.1.255 scope global dynamic noprefixroute ens192
valid_lft 86398sec preferred_lft 86398sec
inet6 fe80::8f3d:698b:1c:14a1/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@localhost ~]#
[root@localhost ~]# sync
[root@localhost ~]# sync
[root@localhost ~]# init 6
재부팅하면
현재는 NetworkManager를 기동해 재기동으로.
systemctl start NetworkManager
systemctl enable NetworkManager
sync
init 6
재부팅하면 안전 SSH 할 수있었습니다.
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:13:29:f1 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.140/24 brd 192.168.1.255 scope global dynamic noprefixroute ens192
valid_lft 86273sec preferred_lft 86273sec
inet6 fe80::8f3d:698b:1c:14a1/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@localhost ~]
[root@localhost ~]# ping google.com
PING google.com (172.217.25.110) 56(84) bytes of data.
64 bytes from nrt13s51-in-f110.1e100.net (172.217.25.110): icmp_seq=1 ttl=50 time=2.99 ms
64 bytes from nrt13s51-in-f110.1e100.net (172.217.25.110): icmp_seq=2 ttl=50 time=2.12 ms
64 bytes from nrt13s51-in-f110.1e100.net (172.217.25.110): icmp_seq=3 ttl=50 time=1.77 ms
64 bytes from nrt13s51-in-f110.1e100.net (172.217.25.110): icmp_seq=4 ttl=50 time=2.55 ms
^C
--- google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 8ms
rtt min/avg/max/mdev = 1.773/2.357/2.989/0.461 ms
ip명령으로 Link up은 할 수 있습니다만, 그것뿐이라고 역시 기대하는 것 같은 통신은 할 수 없었습니다.
DNS 추가
순서 반대가 되어 버렸습니다만 파일명이나 장소에 변경은 없었습니다.
Google DNS를 추가하기만 했습니다.
문제 없음.
위의 NetworkManager 문제가 해결되면.
cat > /etc/resolv.conf <<EOF
options timeout:1 attempts:1
nameserver 8.8.8.8
EOF
limits.conf 편집
파일의 동시 액세스와 프로세스 상한을 올리는 것(같다)
이쪽도 파일이나 패스에 변경은 없는 모양.
sed -i 's/# End of file//g' /etc/security/limits.conf
cat >> /etc/security/limits.conf << EOF
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
# End of file
EOF
그래서 Cent OS 7의 경우
sed -i 's/4096/65535/g' /etc/security/limits.d/20-nproc.conf
sed: can't read /etc/security/limits.d/20-nproc.conf: No such file or directory
이 파일도 변경해야 한다고 하는데, 이 파일은 없었습니다.
이 디렉토리를 살펴보면
[root@localhost ~]# cd /etc/security/limits.d/
[root@localhost limits.d]# ll
total 0
[root@localhost limits.d]#
내용 없음.
yum install
이것도 특별한 변경은없는 모양
[root@localhost security]# yum install -y vim
Last metadata expiration check: 0:15:56 ago on Wed 25 Sep 2019 04:24:24 PM JST.
Dependencies resolved.
===========================================================================================================================================================
Package Arch Version Repository Size
===========================================================================================================================================================
Installing:
vim-enhanced x86_64 2:8.0.1763-10.el8 AppStream 1.4 M
Installing dependencies:
gpm-libs x86_64 1.20.7-15.el8 AppStream 39 k
vim-common x86_64 2:8.0.1763-10.el8 AppStream 6.3 M
vim-filesystem noarch 2:8.0.1763-10.el8 AppStream 48 k
Transaction Summary
===========================================================================================================================================================
Install 4 Packages
Total download size: 7.8 M
Installed size: 30 M
Downloading Packages:
(1/4): gpm-libs-1.20.7-15.el8.x86_64.rpm 37 kB/s | 39 kB 00:01
(2/4): vim-filesystem-8.0.1763-10.el8.noarch.rpm 1.5 MB/s | 48 kB 00:00
(3/4): vim-enhanced-8.0.1763-10.el8.x86_64.rpm 1.0 MB/s | 1.4 MB 00:01
(4/4): vim-common-8.0.1763-10.el8.x86_64.rpm 3.6 MB/s | 6.3 MB 00:01
-----------------------------------------------------------------------------------------------------------------------------------------------------------
Total 2.5 MB/s | 7.8 MB 00:03
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : vim-filesystem-2:8.0.1763-10.el8.noarch 1/4
Installing : vim-common-2:8.0.1763-10.el8.x86_64 2/4
Installing : gpm-libs-1.20.7-15.el8.x86_64 3/4
Running scriptlet: gpm-libs-1.20.7-15.el8.x86_64 3/4
Installing : vim-enhanced-2:8.0.1763-10.el8.x86_64 4/4
Running scriptlet: vim-enhanced-2:8.0.1763-10.el8.x86_64 4/4
Running scriptlet: vim-common-2:8.0.1763-10.el8.x86_64 4/4
Verifying : gpm-libs-1.20.7-15.el8.x86_64 1/4
Verifying : vim-common-2:8.0.1763-10.el8.x86_64 2/4
Verifying : vim-enhanced-2:8.0.1763-10.el8.x86_64 3/4
Verifying : vim-filesystem-2:8.0.1763-10.el8.noarch 4/4
Installed:
vim-enhanced-2:8.0.1763-10.el8.x86_64 gpm-libs-1.20.7-15.el8.x86_64 vim-common-2:8.0.1763-10.el8.x86_64 vim-filesystem-2:8.0.1763-10.el8.noarch
Complete!
[root@localhost security]#
결론
우선 우리 쪽의 사용법에서는 CentOS 7과 비교해 Network 주위에서 고전하려고 하는 곳까지는 알았습니다.
이 기사의 범위외에서도 변경점·회피 방법등 있으면 코멘트·지적을 부탁드리겠습니다.
참고문헌
CentOS-8 (1905) 릴리스 노트
htps : // 우우키. 전혀 s. 오 rg / 자 / 마누아 ls / ree ase no s / Sent S8.1905
Reference
이 문제에 관하여(Cent OS 8 만져 보았다.), 우리는 이곳에서 더 많은 자료를 발견하고 링크를 클릭하여 보았다
https://qiita.com/Tsu_hao_Zhang/items/56c481404e70ffa0d64a
텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
우수한 개발자 콘텐츠 발견에 전념
(Collection and Share based on the CC Protocol.)
USB 메모리에 구워져, VMware등으로 기동되게 되어 자유롭게 부디.
설치 화면의 GUI는 7시에 비해 큰 차이가 없었습니다.
방향(?)이 바뀐 정도입니다. (어휘력)
시작
[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 8.0.1905 (Core)
[root@localhost ~]# uname -a
Linux localhost.localdomain 4.18.0-80.el8.x86_64 #1 SMP Tue Jun 4 09:19:46 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
제대로 Cent OS 8.0입니다.
Firewall
포트 개방을 해 보았습니다. 특히 Cent OS 7과 다르지 않습니다.
[root@localhost ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2019-09-25 13:48:46 JST; 1h 2min ago
Docs: man:firewalld(1)
Main PID: 761 (firewalld)
Tasks: 2 (limit: 24025)
Memory: 35.1M
CGroup: /system.slice/firewalld.service
└─761 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid
Sep 25 13:48:45 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
Sep 25 13:48:46 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl start firewalld
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# firewall-cmd --add-service=https --zone=public --permanent
success
[root@localhost ~]# firewall-cmd --add-port=8080/tcp --zone=public --permanent
success
[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens192
sources:
services: cockpit dhcpv6-client https ssh
ports: 8080/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@localhost ~]#
SELinux
언제나 무효로 해 버리므로 무효화만 실시했습니다. 이것도 변화 없음.
[root@localhost ~]# getenforce
Enforcing
[root@localhost ~]# setenforce 0
[root@localhost ~]# getenforce
Permissive
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# setenforce 1
[root@localhost ~]# getenforce
Enforcing
[root@localhost ~]# sed -i 's/SELINUX=enforcing/#SELINUX=enforcing/g' /etc/selinux/config
[root@localhost ~]# sed -i 'N;/#SELINUX=enforcing/i\SELINUX=disabled' /etc/selinux/config
[root@localhost ~]#
[root@localhost ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: disabled
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 31
[root@localhost ~]#
Network Manager
유효성 검사 중이지만 Network Manager를 단순히 비활성화하면 재부팅 후 SSH 연결을 사용할 수 없습니다.
우선/etc/sysconfig/network-scripts/ifcfg-ens192에 IP 주소 등을 설정하고,
그런 다음 Network Manager를 중지하고 자동 시작을 비활성화합니다. 그런 다음 다시 시작합니다.
①ifcfg-ens192 편집
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens192
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens192
UUID=f1e71063-064d-41cc-985e-6b8435f7a754
DEVICE=ens192
ONBOOT=yes
IPADDR=192.168.1.140
PREFIX=24
GATEWAY=192.168.1.1
DNS1=8.8.8.8
[root@localhost ~]#
② NetworkManager의 정지 및 무효화, 재기동
[root@localhost ~]# systemctl stop NetworkManager
[root@localhost ~]# systemctl disable NetworkManager
Removed /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed /etc/systemd/system/dbus-org.freedesktop.NetworkManager.service.
Removed /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
Removed /etc/systemd/system/network-online.target.wants/NetworkManager-wait-online.service.
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:13:29:f1 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.140/24 brd 192.168.1.255 scope global dynamic noprefixroute ens192
valid_lft 86398sec preferred_lft 86398sec
inet6 fe80::8f3d:698b:1c:14a1/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@localhost ~]#
[root@localhost ~]# sync
[root@localhost ~]# sync
[root@localhost ~]# init 6
재부팅하면
현재는 NetworkManager를 기동해 재기동으로.
systemctl start NetworkManager
systemctl enable NetworkManager
sync
init 6
재부팅하면 안전 SSH 할 수있었습니다.
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:13:29:f1 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.140/24 brd 192.168.1.255 scope global dynamic noprefixroute ens192
valid_lft 86273sec preferred_lft 86273sec
inet6 fe80::8f3d:698b:1c:14a1/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@localhost ~]
[root@localhost ~]# ping google.com
PING google.com (172.217.25.110) 56(84) bytes of data.
64 bytes from nrt13s51-in-f110.1e100.net (172.217.25.110): icmp_seq=1 ttl=50 time=2.99 ms
64 bytes from nrt13s51-in-f110.1e100.net (172.217.25.110): icmp_seq=2 ttl=50 time=2.12 ms
64 bytes from nrt13s51-in-f110.1e100.net (172.217.25.110): icmp_seq=3 ttl=50 time=1.77 ms
64 bytes from nrt13s51-in-f110.1e100.net (172.217.25.110): icmp_seq=4 ttl=50 time=2.55 ms
^C
--- google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 8ms
rtt min/avg/max/mdev = 1.773/2.357/2.989/0.461 ms
ip명령으로 Link up은 할 수 있습니다만, 그것뿐이라고 역시 기대하는 것 같은 통신은 할 수 없었습니다.
DNS 추가
순서 반대가 되어 버렸습니다만 파일명이나 장소에 변경은 없었습니다.
Google DNS를 추가하기만 했습니다.
문제 없음.
위의 NetworkManager 문제가 해결되면.
cat > /etc/resolv.conf <<EOF
options timeout:1 attempts:1
nameserver 8.8.8.8
EOF
limits.conf 편집
파일의 동시 액세스와 프로세스 상한을 올리는 것(같다)
이쪽도 파일이나 패스에 변경은 없는 모양.
sed -i 's/# End of file//g' /etc/security/limits.conf
cat >> /etc/security/limits.conf << EOF
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
# End of file
EOF
그래서 Cent OS 7의 경우
sed -i 's/4096/65535/g' /etc/security/limits.d/20-nproc.conf
sed: can't read /etc/security/limits.d/20-nproc.conf: No such file or directory
이 파일도 변경해야 한다고 하는데, 이 파일은 없었습니다.
이 디렉토리를 살펴보면
[root@localhost ~]# cd /etc/security/limits.d/
[root@localhost limits.d]# ll
total 0
[root@localhost limits.d]#
내용 없음.
yum install
이것도 특별한 변경은없는 모양
[root@localhost security]# yum install -y vim
Last metadata expiration check: 0:15:56 ago on Wed 25 Sep 2019 04:24:24 PM JST.
Dependencies resolved.
===========================================================================================================================================================
Package Arch Version Repository Size
===========================================================================================================================================================
Installing:
vim-enhanced x86_64 2:8.0.1763-10.el8 AppStream 1.4 M
Installing dependencies:
gpm-libs x86_64 1.20.7-15.el8 AppStream 39 k
vim-common x86_64 2:8.0.1763-10.el8 AppStream 6.3 M
vim-filesystem noarch 2:8.0.1763-10.el8 AppStream 48 k
Transaction Summary
===========================================================================================================================================================
Install 4 Packages
Total download size: 7.8 M
Installed size: 30 M
Downloading Packages:
(1/4): gpm-libs-1.20.7-15.el8.x86_64.rpm 37 kB/s | 39 kB 00:01
(2/4): vim-filesystem-8.0.1763-10.el8.noarch.rpm 1.5 MB/s | 48 kB 00:00
(3/4): vim-enhanced-8.0.1763-10.el8.x86_64.rpm 1.0 MB/s | 1.4 MB 00:01
(4/4): vim-common-8.0.1763-10.el8.x86_64.rpm 3.6 MB/s | 6.3 MB 00:01
-----------------------------------------------------------------------------------------------------------------------------------------------------------
Total 2.5 MB/s | 7.8 MB 00:03
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : vim-filesystem-2:8.0.1763-10.el8.noarch 1/4
Installing : vim-common-2:8.0.1763-10.el8.x86_64 2/4
Installing : gpm-libs-1.20.7-15.el8.x86_64 3/4
Running scriptlet: gpm-libs-1.20.7-15.el8.x86_64 3/4
Installing : vim-enhanced-2:8.0.1763-10.el8.x86_64 4/4
Running scriptlet: vim-enhanced-2:8.0.1763-10.el8.x86_64 4/4
Running scriptlet: vim-common-2:8.0.1763-10.el8.x86_64 4/4
Verifying : gpm-libs-1.20.7-15.el8.x86_64 1/4
Verifying : vim-common-2:8.0.1763-10.el8.x86_64 2/4
Verifying : vim-enhanced-2:8.0.1763-10.el8.x86_64 3/4
Verifying : vim-filesystem-2:8.0.1763-10.el8.noarch 4/4
Installed:
vim-enhanced-2:8.0.1763-10.el8.x86_64 gpm-libs-1.20.7-15.el8.x86_64 vim-common-2:8.0.1763-10.el8.x86_64 vim-filesystem-2:8.0.1763-10.el8.noarch
Complete!
[root@localhost security]#
결론
우선 우리 쪽의 사용법에서는 CentOS 7과 비교해 Network 주위에서 고전하려고 하는 곳까지는 알았습니다.
이 기사의 범위외에서도 변경점·회피 방법등 있으면 코멘트·지적을 부탁드리겠습니다.
참고문헌
CentOS-8 (1905) 릴리스 노트
htps : // 우우키. 전혀 s. 오 rg / 자 / 마누아 ls / ree ase no s / Sent S8.1905
Reference
이 문제에 관하여(Cent OS 8 만져 보았다.), 우리는 이곳에서 더 많은 자료를 발견하고 링크를 클릭하여 보았다
https://qiita.com/Tsu_hao_Zhang/items/56c481404e70ffa0d64a
텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
우수한 개발자 콘텐츠 발견에 전념
(Collection and Share based on the CC Protocol.)
[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 8.0.1905 (Core)
[root@localhost ~]# uname -a
Linux localhost.localdomain 4.18.0-80.el8.x86_64 #1 SMP Tue Jun 4 09:19:46 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2019-09-25 13:48:46 JST; 1h 2min ago
Docs: man:firewalld(1)
Main PID: 761 (firewalld)
Tasks: 2 (limit: 24025)
Memory: 35.1M
CGroup: /system.slice/firewalld.service
└─761 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid
Sep 25 13:48:45 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
Sep 25 13:48:46 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl start firewalld
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# firewall-cmd --add-service=https --zone=public --permanent
success
[root@localhost ~]# firewall-cmd --add-port=8080/tcp --zone=public --permanent
success
[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens192
sources:
services: cockpit dhcpv6-client https ssh
ports: 8080/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@localhost ~]#
[root@localhost ~]# getenforce
Enforcing
[root@localhost ~]# setenforce 0
[root@localhost ~]# getenforce
Permissive
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# setenforce 1
[root@localhost ~]# getenforce
Enforcing
[root@localhost ~]# sed -i 's/SELINUX=enforcing/#SELINUX=enforcing/g' /etc/selinux/config
[root@localhost ~]# sed -i 'N;/#SELINUX=enforcing/i\SELINUX=disabled' /etc/selinux/config
[root@localhost ~]#
[root@localhost ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: disabled
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 31
[root@localhost ~]#
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens192
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens192
UUID=f1e71063-064d-41cc-985e-6b8435f7a754
DEVICE=ens192
ONBOOT=yes
IPADDR=192.168.1.140
PREFIX=24
GATEWAY=192.168.1.1
DNS1=8.8.8.8
[root@localhost ~]#
[root@localhost ~]# systemctl stop NetworkManager
[root@localhost ~]# systemctl disable NetworkManager
Removed /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed /etc/systemd/system/dbus-org.freedesktop.NetworkManager.service.
Removed /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
Removed /etc/systemd/system/network-online.target.wants/NetworkManager-wait-online.service.
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:13:29:f1 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.140/24 brd 192.168.1.255 scope global dynamic noprefixroute ens192
valid_lft 86398sec preferred_lft 86398sec
inet6 fe80::8f3d:698b:1c:14a1/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@localhost ~]#
[root@localhost ~]# sync
[root@localhost ~]# sync
[root@localhost ~]# init 6
systemctl start NetworkManager
systemctl enable NetworkManager
sync
init 6
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:13:29:f1 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.140/24 brd 192.168.1.255 scope global dynamic noprefixroute ens192
valid_lft 86273sec preferred_lft 86273sec
inet6 fe80::8f3d:698b:1c:14a1/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@localhost ~]
[root@localhost ~]# ping google.com
PING google.com (172.217.25.110) 56(84) bytes of data.
64 bytes from nrt13s51-in-f110.1e100.net (172.217.25.110): icmp_seq=1 ttl=50 time=2.99 ms
64 bytes from nrt13s51-in-f110.1e100.net (172.217.25.110): icmp_seq=2 ttl=50 time=2.12 ms
64 bytes from nrt13s51-in-f110.1e100.net (172.217.25.110): icmp_seq=3 ttl=50 time=1.77 ms
64 bytes from nrt13s51-in-f110.1e100.net (172.217.25.110): icmp_seq=4 ttl=50 time=2.55 ms
^C
--- google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 8ms
rtt min/avg/max/mdev = 1.773/2.357/2.989/0.461 ms
cat > /etc/resolv.conf <<EOF
options timeout:1 attempts:1
nameserver 8.8.8.8
EOF
sed -i 's/# End of file//g' /etc/security/limits.conf
cat >> /etc/security/limits.conf << EOF
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
# End of file
EOF
sed -i 's/4096/65535/g' /etc/security/limits.d/20-nproc.conf
sed: can't read /etc/security/limits.d/20-nproc.conf: No such file or directory
[root@localhost ~]# cd /etc/security/limits.d/
[root@localhost limits.d]# ll
total 0
[root@localhost limits.d]#
[root@localhost security]# yum install -y vim
Last metadata expiration check: 0:15:56 ago on Wed 25 Sep 2019 04:24:24 PM JST.
Dependencies resolved.
===========================================================================================================================================================
Package Arch Version Repository Size
===========================================================================================================================================================
Installing:
vim-enhanced x86_64 2:8.0.1763-10.el8 AppStream 1.4 M
Installing dependencies:
gpm-libs x86_64 1.20.7-15.el8 AppStream 39 k
vim-common x86_64 2:8.0.1763-10.el8 AppStream 6.3 M
vim-filesystem noarch 2:8.0.1763-10.el8 AppStream 48 k
Transaction Summary
===========================================================================================================================================================
Install 4 Packages
Total download size: 7.8 M
Installed size: 30 M
Downloading Packages:
(1/4): gpm-libs-1.20.7-15.el8.x86_64.rpm 37 kB/s | 39 kB 00:01
(2/4): vim-filesystem-8.0.1763-10.el8.noarch.rpm 1.5 MB/s | 48 kB 00:00
(3/4): vim-enhanced-8.0.1763-10.el8.x86_64.rpm 1.0 MB/s | 1.4 MB 00:01
(4/4): vim-common-8.0.1763-10.el8.x86_64.rpm 3.6 MB/s | 6.3 MB 00:01
-----------------------------------------------------------------------------------------------------------------------------------------------------------
Total 2.5 MB/s | 7.8 MB 00:03
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : vim-filesystem-2:8.0.1763-10.el8.noarch 1/4
Installing : vim-common-2:8.0.1763-10.el8.x86_64 2/4
Installing : gpm-libs-1.20.7-15.el8.x86_64 3/4
Running scriptlet: gpm-libs-1.20.7-15.el8.x86_64 3/4
Installing : vim-enhanced-2:8.0.1763-10.el8.x86_64 4/4
Running scriptlet: vim-enhanced-2:8.0.1763-10.el8.x86_64 4/4
Running scriptlet: vim-common-2:8.0.1763-10.el8.x86_64 4/4
Verifying : gpm-libs-1.20.7-15.el8.x86_64 1/4
Verifying : vim-common-2:8.0.1763-10.el8.x86_64 2/4
Verifying : vim-enhanced-2:8.0.1763-10.el8.x86_64 3/4
Verifying : vim-filesystem-2:8.0.1763-10.el8.noarch 4/4
Installed:
vim-enhanced-2:8.0.1763-10.el8.x86_64 gpm-libs-1.20.7-15.el8.x86_64 vim-common-2:8.0.1763-10.el8.x86_64 vim-filesystem-2:8.0.1763-10.el8.noarch
Complete!
[root@localhost security]#
우선 우리 쪽의 사용법에서는 CentOS 7과 비교해 Network 주위에서 고전하려고 하는 곳까지는 알았습니다.
이 기사의 범위외에서도 변경점·회피 방법등 있으면 코멘트·지적을 부탁드리겠습니다.
참고문헌
CentOS-8 (1905) 릴리스 노트
htps : // 우우키. 전혀 s. 오 rg / 자 / 마누아 ls / ree ase no s / Sent S8.1905
Reference
이 문제에 관하여(Cent OS 8 만져 보았다.), 우리는 이곳에서 더 많은 자료를 발견하고 링크를 클릭하여 보았다 https://qiita.com/Tsu_hao_Zhang/items/56c481404e70ffa0d64a텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
우수한 개발자 콘텐츠 발견에 전념
(Collection and Share based on the CC Protocol.)
좋은 웹페이지 즐겨찾기
